Whitepaper entitled ‘Data-Mining With SQL Injection and Inference’. Paper is based on a talk given earlier this year at Blackhat Europe. It divides SQL injection data theft attacks into three classes – inband, out-of-band and inference. The first, in-band, uses the existing connection to get data out; the second, out-of-band, uses another channel, e.g. smtp by using builtin database mail functions; and lastly inference.
You can download it from the following link: https://packetstormsecurity.com/files/download/40460/sqlinference.pdf
Source: https://packetstormsecurity.com/files/40460/sqlinference.pdf.html